Blake Willson Group · 1 hour ago
Subject Matter Expert - RMF & ATO Lead
Blake Willson Group (BWG) is a firm that combines domain experts with technologists to enhance financial management solutions for critical mission objectives. The Senior RMF & ATO Lead will oversee the execution of the NIST Risk Management Framework and Authority to Operate processes, ensuring compliance with federal cybersecurity requirements and guiding teams through all lifecycle phases.
Consulting · Project Management
Responsibilities
Lead execution of the NIST RMF lifecycle in accordance with NIST SP 800-37, including Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor phases
Oversee the development, quality review, and approval readiness of authorization package artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and risk assessment documentation
Guide system owners and technical teams through Rapid ATO timelines while maintaining full compliance with DOJ policies and NIST SP 800-53 control requirements
Lead security control selection, tailoring, and allocation based on system categorization, architecture, and operational environment
Validate security control implementations and ensure documentation is supported by verifiable technical evidence across cloud and on-premise environments
Direct the development of Security Assessment Plans (SAPs) and review assessment results to support authorization decisions
Lead risk analysis, determination, and response activities, including advising leadership on risk acceptance, mitigation, or remediation strategies
Oversee POA&M development and ensure remediation activities are tracked to closure in accordance with federal timelines
Provide oversight of Continuous Monitoring (ConMon) strategies, ensuring ongoing authorization requirements are met and accurately reported
Ensure authorization packages are updated to reflect system changes, assessment results, and evolving risk conditions
Ensure all RMF and supporting documentation is complete, accurate, and entered into JCAM
Lead development and review of supporting cybersecurity artifacts, including Incident Response Plans, Contingency Plans, Configuration Management Plans, Interconnection Security Agreements (ISAs), Memorandums of Understanding (MOUs), and privacy documentation (IPA/PIA), as applicable
Serve as the primary cybersecurity liaison to system owners, ISSOs, engineers, assessors, and Authorizing Official (AO) representatives
Provide technical leadership, mentorship, and guidance to ATO analysts, security engineers, and architects
Support issue resolution efforts and facilitate risk-based decision making with senior leadership and stakeholders
Qualifications
Required
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Information Security, Computer Engineering, Business, or a related field
10 years of total experience in IT Project Management in both Waterfall and Agile environments
5 years of experience performing system security assessments, preparing system security documentation, and/or executing security upgrades for live networks, servers, desktop systems, and enterprise databases leading to successful certification, accreditation, or ATO
5 years of IT security experience with extensive knowledge of federal security regulations and assessment methodologies, including development of A&A and ATO packages for a wide range of systems, including classified systems
Active possession of two (2) of the following certifications: CISA, CRISC, CISM, CGEIT, CISSP, or CAP
Preferred
Experience assessing and enhancing IT security policies and procedures in response to federal and international regulatory requirements
Strong working knowledge of NIST Special Publications, including NIST SP 800-53 for security control selection and NIST SP 800-37, with experience using JCAM preferred
Experience supporting DOJ, BOP, or other federal law enforcement or justice-related environments
Experience leading Rapid ATO efforts for cloud-based systems
Strong written and verbal communication skills with the ability to brief technical and non-technical stakeholders
Benefits
Major medical benefits such as dental and vision coverage
A 401(k) contribution plan
Holiday and personal time off
Professional development training & certification benefits
Health & wellness subsidies
Paid time off for community service
Company
Blake Willson Group
Blake Willson Group provides compilation, reporting, auditing, risk monitoring, mitigation and project management services.
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase